Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6112)

Description

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Remediation

References

Related Vulnerabilities

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1891)

Oracle Database Server CVE-2011-2244 Vulnerability (CVE-2011-2244)

Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2025-67726)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0273)

Atlassian Confluence Incorrect Default Permissions Vulnerability (CVE-2017-9505)

Severity

Medium

Classification

CVE-2012-6112 CWE-264

Tags

Missing Update Known Vulnerabilities